<html>
<head>
<title>XmlHttpRequest setRequestHeader injected header test \r\n in header name</title>
<script type="text/javascript" src="/shared/scripts/header.js"></script>
<script type="text/javascript" src="/shared/scripts/testcase.js"></script>
<script type="text/javascript">
if (window.addEventListener) {
	window.addEventListener('load', f, false);
} else if (window.attachEvent) {
	window.attachEvent('onload', f);
} else {
	window.onload = f;
}

function f() {
	var header = new Headers();
	var result = 'not found';
	var tc = new TestCase();
	tc.description = 'XmlHttpRequest setRequestHeader injected header test \\r\\n in header name';
	tc.test_passed = 'true'; // always passed, only set to false if we find the header.
	tc.result = 'not found';
	tc.expected_result = 'not found';
	var xhr = get_xhr();
	var injected_header = header.banned_header + ": " + header.banned_value;
	tc.input = "xhr.setRequestHeader('" + header.safe_header + ": wbts\r\n" + injected_header + "\r\n" + header.safe_header2 + "','wbts')";
	try {
		xhr.open('GET', '/testcases/headertests/showRequest', false);
	} catch(e) {
		tc.output += 'An error occurred opening url for: ' + injected_header + ':'+tc.outputException(e);
		tc.result = 'TEST FAILED';
		tc.saveTest(null);
		return;
	}
	try {
		var header_param = header.safe_header + ': wbts\r\n' + injected_header + '\r\n' + header.safe_header2;
		xhr.setRequestHeader(header_param, 'wbts');
		xhr.send();
		if (xhr.readyState == 4) {
			var ret = header.checkExists(xhr.responseText, tc);
			if (ret != 0) {
				tc.result = 'found';
				tc.test_passed = 'false';
			}
		}
		tc.output += '\r\nraw data:\r\n' + xhr.responseText;
	} catch(e) {
		tc.output += 'Injecting (' + injected_header + ') caused an exception:'+tc.outputException(e);
	}
	tc.saveTest(null);
}
</script>
</head>
<body></body>
</html>